DATA TRANSMISSION METHOD, USER EQUIPMENT AND GPRS/EDGE RADIO ACCESS NETWORK

The invention relates to a method for transmitting data between a
GPRS/EDGE radio access network GERAN (General Packet Radio
Service/Enhanced Data Rates for GSM Evolution) and user equipment of a
mobile system, to user equipment and to a GPRS/EDGE radio access network
GERAN.

BACKGROUND

When transmitting data from GERAN to user equipment and vice
versa, the data to be transmitted must be encrypted (ciphered) before
transmission for security reasons. Encryption makes tapping of signalling and
user data difficult. The data to be transmitted is encrypted using an encryption
algorithm at the transmitting end and the encrypted data is transmitted from
the transmitting end to the receiving end, where the transmitted data is
decrypted using an encryption algorithm. The same encryption algorithm is
used at both ends.

An encryption mask created by the encryption algorithm is attached
to the data to be encrypted using an XOR operation (logical exclusive OR
operation), so the encryption does not per se increase the number of bits to be
transmitted. This can be presented by the formula

$C = M \oplus P$

wherein $C$ is the encrypted data, $M$ is the encryption mask, $P$ is the
uncrypted data and $\oplus$ is the XOR operation.

The encryption algorithm requires input parameters to make the
encryption mask resulting from the algorithm different for each user and each
usage time. The most important parameter is the encryption key whose length
is 128 bits, for instance. A different encryption key, and thus also a different
encryption mask, is used for each user. However, a problem arises from the
fact that the same encryption mask cannot be used twice for data with
different content. This prohibited situation can be described by the formula

$P_1 \oplus P_2 = P_1 \oplus M \oplus P_2 \oplus M = C_1 \oplus C_2$    (2)

wherein $P_1$ and $P_2$ are uncrypted data with different content and $C_1$
and $C_2$ are encrypted data with different content. As can be seen, a possible
eavesdropper can remove the mask by performing an XOR operation between
the data having different content and encrypted using the same mask, thus
breaking the encryption.

Because of this, other parameters are also used in encryption
algorithms; for instance, the encryption algorithm of a radio access network
(UTRAN) employing the wideband code division multiple access method of the
universal mobile telecommunications system (UMTS) uses as input
parameters a counter parameter which changes with time, a directional
parameter (uplink/downlink) and a bearer parameter.

The structure of the encryption algorithm to be used in GERAN has
not yet been decided. It should, however, meet at least the following
requirements:

- implicit encryption synchronization, especially in connection with
  handover,
- similar approach to both real-time and non-real-time services,
- incremental redundancy,
- multiplexing several different users to the same time slot,
- multiplexing several different radio bearers to the same user
  equipment,
- enabling multi-slot operation.

BRIEF DESCRIPTION OF THE INVENTION

It is an object of the invention to provide an improved method for
transmitting data between a GPRS/EDGE radio access network GERAN and
user equipment of a mobile system, a piece of improved user equipment and
an improved GPRS/EDGE radio access network GERAN. As an aspect of the
invention, a method according to claim 1 is presented for transmitting data
between a GPRS/EDGE radio access network GERAN and user equipment of
a mobile system. As a second aspect of the invention, user equipment
according to claim 17 is presented. As a third aspect of the invention, a
GPRS/EDGE radio access network GERAN according to claim 33 is
presented. Preferred embodiments of the invention are disclosed in the
dependent claims.

The invention is based on re-using the encryption algorithm of
UTRAN as such in GERAN. This is made possible by defining the internal
operation of the encryption algorithm as a black box and by modifying the
input parameters required by the encryption algorithm according to the
requirements set by GERAN.

The method and apparatus of the invention provide several
improvements. Designing a new encryption algorithm is a very demanding
operation. When using the invention, a new encryption algorithm need not be
designed for GERAN, but the already designed UTRAN encryption algorithm
can be used instead. This saves a considerable amount of work as well as the
product development costs caused by it. The invention also facilitates the
design of user equipment capable of contacting both UTRAN and GERAN.

BRIEF DESCRIPTION OF THE FIGURES 

In the following, the invention will be described in greater detail by
means of the preferred embodiments and with reference to the attached
drawings, in which

Figure 1A shows an example of the structure of a cellular network,

Figure 1B is a block diagram showing the cellular network in greater
detail,

Figure 1C shows a circuit-switched connection,

Figure 1D shows a packet-switched connection,

Figure 2 shows an example of the protocol stacks of certain parts of
the cellular network,

Figure 3 is a flow chart illustrating a method for data transmission,

Figure 4 illustrates encryption at the transmitting end and decryption
at the receiving end.

DESCRIPTION OF EMBODIMENTS

Specifications for third-generation mobile systems, such as UMTS,
are being developed by 3GPP (Third Generation Partnership Project) whose
home pages at http://www.3gpp.org contain specifications related to the
general structure and encryption of the system, which provide a good
description enabling a person skilled in the art to use the invention. The
specifications related to encryption in particular are incorporated herein by
reference:

- 3G TS 33.102 V3.2.0: Security Architecture

- 3G TS 25.301 V3.4.0: Radio Interface Protocol Architecture

- 3G TS 33.105 V3.3.0: Cryptographic Algorithm Requirements.

A typical radio system structure and its connections to a public
switched telephone network and packet transmission network are described
with reference to Figures 1A and 1B. Figure 1B only contains blocks essential
for describing the embodiments, but it is clear to a person skilled in the art that
a conventional cellular network also contains other functions and structures
which need not be described in greater detail herein. The radio system of the
invention uses a GPRS/EDGE radio access network GERAN. The term
GERAN refers to an evolution of the GSM (Global System for Mobile
Communication) system, the TDMA/136 (Time Division Multiple Access)
system and the EDGE system, which is intended to provide full
third-generation (UMTS/WCDMA/cdma2000) mobile services.

Thus in a sense, GERAN is an intermediate form of the GSM-based
GPRS or EGPRS (Enhanced General Packet Radio Service) and the universal
mobile telecommunications system UMTS employing wideband code division
multiple access, in which the structure of the radio access network is outlined
in UMTS style and the radio access network is called GERAN, for instance,
and in which the radio interface is, however, a normal GSM-based radio
interface or a radio interface employing EDGE modulation. EGPRS is a
GSM-based system utilizing packet-switched transmission. EGPRS uses EDGE
technology to increase data transmission capacity. In addition to GMSK
(Gaussian Minimum-Shift Keying) modulation, which is used normally in GSM,
it is possible to use 8-PSK (8-Phase Shift Keying) modulation for packet data
channels. The aim is mainly to implement non-real-time data transmission
services, such as file copying and the use of an Internet browser, but also
real-time packet-switched services in the transmission of speech and video
images, for instance.

The descriptions of Figures 1A and 1B are mainly based on UMTS.
The main parts of a mobile system are a core network CN, a UMTS terrestrial
radio access network UTRAN, and user equipment UE. The interface between
CN and UTRAN is called Iu, and the radio interface between UTRAN and UE
is called Uu.

UTRAN is made up of radio network subsystems RNS. The
interface between RNSs is called Iur. RNS is made up of a radio network
controller RNC and one or more nodes B. The interface between RNC and B
is called Iub. The coverage area, i.e. cell, of a node B is marked C in Figure
1B. RNS can also be called by its more traditional name, base station system
(BSS). The network part of the radio system thus comprises a radio access
network UTRAN and a core network CN.

The description in Figure 1A is very abstract, so it is clarified in
Figure 1B by indicating approximately which part of the GSM system
corresponds to which part in UMTS. It should be noted that the presented
description is in no way binding but for the purpose of illustration, since the
responsibilities and functions of the different parts of UMTS are still being
designed.

User equipment 150 can, for instance, be fixed, installed in a
vehicle, or portable. The user equipment 150 is also known as a mobile station
MS. The infrastructure of the radio access network UTRAN is made up of
radio network subsystems RNS, i.e. base station systems. A radio network
subsystem RNS is made up of a radio network controller RNC, i.e. base
station controller, 102 and at least one node B, i.e. base station, 100
controlled by it.

The base station B has a multiplexer 116, transceivers 114 and a
control unit 118 which controls the operation of the transceivers 114 and the
multiplexer 116. Traffic and control channels used by the transceivers 114 are
placed on the transmission link 160 by the multiplexer 116.

The transceivers 114 of the base station B are connected to an
antenna unit 112 which implements a bi-directional radio link Uu to the user
equipment 150. The structure of frames transmitted in the bi-directional radio
link Uu is exactly defined.

The radio network controller RNC comprises a group switching field
120 and control unit 124. The group switching field 120 is used for speech and
data connection and to connect signalling circuits. The base station system
formed by the base station B and the radio network controller RNC also
comprises a transcoder 122. Work distribution between the radio network
controller RNC and the base station B as well as their physical structure can
vary depending on implementation. Typically, the base station B takes care of
the radio path implementation as described above. The radio network
controller RNC typically takes care of the following: management of radio
resources, control of handover between cells, power adjustment, timing and
synchronization, paging user equipment.

The transcoder 122 is usually located as close as possible to a
mobile switching centre 132, because speech can then be transmitted in
mobile telephone system format between the transcoder 122 and the radio
network controller RNC, saving transmission capacity. The transcoder 122
converts the different digital coding formats of speech used between the public
switched telephone network and the mobile network to be compatible with
each other, for instance from the 64 kbit/s format of a public network to
another (e.g. 13 kbit/s) format of a cellular network and vice versa. The
hardware required is not described in detail herein, but it can be noted that
other data than speech is not converted in the transcoder 122. The control unit
124 takes care of call control, mobility management, collection of statistics,
and signalling.

The core network CN comprises an infrastructure belonging to a 
mobile telephone system and external to UTRAN. Of the apparatuses 
belonging to the circuit-switched transmission of the core network CN, Figure 
1B shows the mobile switching centre 132. 

As shown in Figure 1B, connections (shown as black dots) can be
made with the switching field 120 to both a public switched telephone network
134 through the mobile switching centre 132 and to a packet-switched network
142. A typical terminal 136 in the public switched telephone network 134 is a
conventional phone or an ISDN (Integrated Services Digital Network) phone.
Packet transmission is performed from a computer 148 connected to the
mobile system through the Internet 146 to a portable computer 152 connected
to the user equipment 150. Instead of a combination of the user equipment
150 and portable computer 152, a WAP (Wireless Application Protocol) phone
can be used.

The connection between the packet transmission network 142 and
the switching field 120 is established by a serving GPRS support node (SGSN)
140. The task of the serving support node 140 is to transmit packets between
the base station system and a gateway GPRS support node (GGSN) 144, and
to record the location of the user equipment 150 in its area.

The gateway support node 144 connects the public packet
transmission network 146 and the packet transmission network 142. An
Internet protocol or an X.25 protocol can be used in the interface. The gateway
support node 144 hides by encapsulation the internal structure of the packet
transmission network 142 from the public packet transmission network 146 so
that to the public packet transmission network 146, the packet transmission
network 142 seems like a sub-network and the public packet transmission
network 146 can address packets to and receive packets from the user
equipment 150 in it.

The packet transmission network 142 is typically a private network
that uses an Internet protocol and transfers signalling and user data.
Depending on the operator, the structure of the network 142 may vary in its
architecture and protocols below the Internet protocol layer.

The public packet transmission network 146 can be the worldwide
Internet, for instance, over which a terminal 148, such as a server, connected
to it wants to transmit packets to user equipment 150.

Figure 1C shows how a circuit-switched transmission link is
established between the user equipment 150 and the public switched
telephone network terminal 136. In the figures, a thick line shows how data is
transmitted through the system over a radio interface 170 from the antenna
112 to the transceiver 114 and from there, after multiplexing in the multiplexer
116, over the transmission link 160 to the switching field 120 which has a
connection to an output to the transcoder 122, and from there on, through a
connection made in the mobile switching centre 132 to the terminal 136
connected to the public switched telephone network 134. In the base station
100, the control unit 118 controls the multiplexer 116 in performing the
transmission, and in the base station controller 102, the control unit 124
controls the switching field 120 to make a correct connection.

Figure 1D shows a packet-switched transmission link. A portable
computer 152 is now connected to the user equipment 150. A thick line shows
how the data being transmitted advances from the server 148 to the portable
computer 152. Data can naturally also be transmitted in the opposite
transmission direction, i.e. from the portable computer 152 to the server 148.
The data advances through the system over the radio interface, i.e. Um
interface, 170, from the antenna 112 to the transceiver 114, and from there,
after multiplexing in the multiplexer 116, over the transmission link 160 and
Abis interface to the switching field 120, from which a connection has been
established to an output to the support node 140 on the Gb interface; from the
support node 140, the data is transmitted over the packet transmission
network 142 through the gateway node 144 to the server 148 connected to the
public packet transmission network 146.

For clarity's sake, Figures 1C and 1D do not show a case where
both circuit-switched and packet-switched data is transmitted simultaneously.
This is, however, completely possible and common, since free capacity can
flexibly be taken into use from circuit-switched data transmission to
packet-switched transmission. A network can also be built, in which only
packet data, and no circuit-switched data, is transmitted. In such a case, the
structure of the network can be simplified.

Let us examine Figure 1D again. The different entities of the UMTS
system - CN, UTRAN/GERAN, RNS/BSS, RNC/BSC, B/BTS - are outlined in
the figure by dashed-line boxes. In a packet-switched environment, the core
network CN comprises a support node 140, packet transmission network 142
and gateway node 144.

In addition to what is described above, GPRS has two specific
elements: a channel codec unit CCU and a packet control unit PCU. CCU's
tasks include channel coding including FEC (Forward Error Coding) and
interleaving, radio channel measuring functions, such as the quality level of
received signal, reception power of received signal, and information related to
timing advance measurements. PCU's tasks include segmenting and
re-assembly of an LLC (Logical Link Control) segment, ARQ (Automatic Repeat
Request) functions, PDCH (Packet Data Channel) scheduling, channel access
control and radio channel management functions. CCU 182 resides in the
base station 100, and depending on its implementation, it can be considered
to be a time-slot-specific or a transceiver-specific unit. PCU 180 is connected
to CCU 182 over an Abis interface. PCU can reside in the base station 100 or
in the base station controller 102. Figure 1C shows PCU 180 in the base
station controller 102, but for clarity's sake, its location in the base station 100
has not been shown.

Figure 1D also shows the structure of the user equipment UE for
the parts that are of interest to the present application. The user equipment
UE comprises an antenna 190 through which a transceiver 192 receives
signals from a radio path 170. The operation of the user equipment UE is
controlled by a control unit 194, which is typically a microprocessor with the
necessary software. Protocol processing described later is also performed with
said software. In addition to the described parts, the user equipment UE also
comprises a user interface, which typically contains a loudspeaker,
microphone, display and keyboard, and a battery. These are, however, not
described in more detail herein, because they are not of interest to the present
invention.

The structure of the transceiver in the base station B or the
structure of the transceiver in the user equipment UE are not described in
more detail herein, because it is clear to a person skilled in the art how said
apparatuses are implemented. It is, for instance, possible to use a normal
radio access network transceiver and user equipment transceiver according to
EGPRS. For the present application it is only important that the radio link 170
can be implemented, since the operation required by the application is then
performed in the higher OSI (Open Systems Interconnection) model layers,
especially in the third layer.

Figure 2 shows packet protocol stacks of the EGPRS control plane.
It should, however, be noted that the embodiments are not limited to EGPRS.
The protocol stacks are formed according to the OSI (Open Systems
Interconnection) model of ISO (International Standardization Organization). In
the OSI model, the protocol stacks are divided into layers. In principle, there
can be seven layers. Figure 2 shows for each network element, the packet
protocol parts that are processed in the network element in question. The
network elements are the mobile station MS, base station system BSS,
support node SGSN. The base station and base station controller are not
shown separately, because an interface has not been defined between them.
The protocol processing set for the base station system BSS can thus in
principle be distributed freely between the base station 100 and the base
station controller 102, not however the transcoder 122 even though it does
belong to the base station system BSS. The network elements MS, BSS and
SGSN are separated by interfaces Um and Gb between them.

A layer in each apparatus MS, BSS, SGSN communicates logically
with a layer in another apparatus. Only the lowest, physical, layers
communicate directly with each other. Other layers always use the services
provided by the next lower layer. A message must thus physically advance
vertically between the layers and only in the lowest layer does the message
advance horizontally between the layers.

The actual bit-level data transmission is done using the lowest first,
i.e. physical, layer RF, L1. The physical layer defines the mechanical,
electronic and functional properties for connecting to the physical transmission
path. The next, second layer, i.e. data link layer, uses the services of the
physical layer for the purpose of implementing reliable data transmission and
takes care of transmission error correction, for instance. On the radio interface
170, the data link layer divides into an RLC/MAC (Radio Link Control / Medium
Access Control) sub-layer and an LLC (Logical Link Control) sub-layer, i.e. a
logical link control protocol. The third layer, i.e. network layer, provides the
higher layers independence from data transmission and switching techniques
which take care of the connections between the apparatuses. The network
layer takes care of connection establishment, maintenance and release, for
instance. In GSM, the network layer is also called a signalling layer. It has two
main tasks: routing messages and enabling several independent connections
simultaneously between two entities.

The network layer comprises a session management sub-layer SM 
and a GPRS mobility management sub-layer GMM. 

The GPRS mobility management sub-layer GMM takes care of the
consequences caused by the movement of the user of the mobile station that
are not directly related to radio resource management. On the side of the
public switched telephone network, this sub-layer would take care of verifying
the user and connecting the user to the network. In a cellular network, this
sub-layer supports user mobility, registration and management of data
generated by mobility. In addition, this sub-layer checks the identity of the
mobile station and the identities of the allowed services. Message
transmission of this sub-layer takes place between the mobile station MS and
the support node SGSN.

The session management sub-layer SM manages all functions
related to packet-switched call management, but does not detect the
movement of the user. The session management sub-layer SM establishes,
maintains and releases connections. It has its own procedures for calls
initiated by and terminating to the mobile station 150. The message
transmission of this sub-layer, too, takes place between the mobile station MS
and the support node SGSN.

In the base station system BSS, the messages of the session
management sub-layer SM and GPRS mobility management sub-layer GMM
are processed transparently, i.e. they are only transferred back and forth.

According to prior art, the logical link control protocol LLC
establishes a reliable encrypted logical link between SGSN and MS. LLC is
independent of the lower layers so that the changing of the radio interface
would affect the network part of the mobile network as little as possible. The
services of the logical link control protocol include: a very reliable logical link
between peer entities, support for variable-length information frames, support
for both acknowledged and unacknowledged data transmission, each frame
contains an unambiguous identifier of a transmitting or receiving mobile
station, support for different service criteria, such as different priorities of data
transmission, encryption of transmitted data and user identity. LLC data is
transmitted between the Um and Gb interfaces by a logical link control
protocol relay LLC RELAY. According to the solution described in this
application, encryption is not performed in the LLC sub-layer, but in the MAC
or RLC sub-layer. Other tasks of the LLC sub-layer can also be given to other
layers, whereby the LLC sub-layer can be left out completely.

The MAC layer is responsible for the following tasks: multiplexing
data and signalling on both uplink (mobile station to network part) and
downlink (network part to mobile station) connections, management of uplink
transmission path resource requests, and allocation and timing of downlink
transmission path traffic resources. Traffic priorisation management also
belongs to this layer. The RLC layer takes care of transmitting LLC-layer data,
i.e. LLC frames, to the MAC layer; RLC chops the LLC frames into RLC data
blocks and transmits them to the MAC layer. In the uplink direction, RLC builds
LLC frames of the RLC data blocks and transmits them to the LLC layer. The
physical layer is implemented in the Um interface by a radio link, for instance a
radio interface defined by GSM. For instance, carrier modulation, interleaving
and error-correction of the data to be transmitted, synchronization and
transmitter power control are performed in the physical layer.

A BSSGP (Base Station Subsystem GPRS Protocol) layer transmits
data of the higher layers and information related to routing and the quality of
service between BSS and SGSN. An FR (Frame Relay) layer performs the
physical transmission of this information. NS (Network Service) transmits
messages according to the BSSGP protocol.

Having now given an example of the structure of a mobile system
and the protocol stacks used therein, it is possible to examine the
implementation of encryption in a mobile system using GERAN. Figure 4
shows how the data flow goes from the transmitting end to the receiving end.
The transmitting end is on the left in the figure and the receiving end on the
right side is separated from it by a vertical dashed line. In GERAN, encryption
is performed in the packet control unit 180 described above, and in the user
equipment, in the control unit 194. Encryption is performed using a function
located in the described protocol stacks. The necessary function can be
implemented for instance as software run in a general-purpose processor, in
which case the required functions are executed as software components.
Hardware implementation is also possible, for instance ASIC (Application
Specific Integrated Circuit) or a control logic made up of separate components.

The encryption algorithm 400 is that of the radio access network
UTRAN employing the wideband code division multiple access method of the
universal mobile telecommunications system, also known as f8. The
encryption algorithm is a black box and its implementation exactly the same in
both the GPRS/EDGE radio access network GERAN and the radio access
network UTRAN employing the wideband code division multiple access
method. In practice this means that the same encryption algorithm
implementation, whether ASIC or software, can be used in both GERAN and
UTRAN.

UTRAN has an agreed format for the input parameters of the
encryption algorithm. The agreed format defines the number of the input
parameters and the length of each parameter. The UTRAN input parameters
are defined in the above-mentioned 3GPP specifications. They are: an
encryption key, a counter parameter which changes with time, a directional
parameter (uplink/downlink) and a bearer parameter. In addition, a parameter
indicating the length of the encryption mask 412 is needed that does not per
se affect the internal operation of the encryption algorithm 400, but only
indicates how many created symbols are taken from the key stream to the
encryption mask 412.

The uncrypted data 414 is combined by an XOR operation 416 with
the encryption mask 412 to obtain the encrypted data 418.

At the receiving end, the encryption is removed using a similar
operation as at the transmitting end, i.e. the encryption mask 412 is combined
by an XOR operation 416 with the received encrypted data 418 to obtain the
original uncrypted data 414.

The transmitting and receiving ends must be synchronized with
each other in the sense that the parameters 402, 404, 406, 408, 410 of the
encryption algorithm 400 used to encrypt certain data 414 must also be used
to decrypt the encrypted data 418 corresponding to said uncrypted data 414.
Implementing this may require signalling between the transmitting end and the
receiving end. This or data modulation and channel coding are not described
in more detail herein, because they are not essential for the invention and are
known actions to a person skilled in the art. With respect to the invention, it is
enough to note that the transmitting end comprises means 400, 416 for
encrypting data to be transmitted to the receiving end using an encryption
algorithm 400, and the receiving end correspondingly comprises means 400,
416 for decrypting data received from the transmitting end using the
encryption algorithm 400. Because the connection between GERAN and the
user equipment is bi-directional, both can serve as transmitting and receiving
ends. Thus, both GERAN and the user equipment comprise both the
encryption means and the decryption means.

The GPRS/EDGE radio access network GERAN comprises means
402, 404, 406, 408, 410 for creating the input parameters of agreed format
required by the encryption algorithm 400 on the basis of the operating
parameters of the GPRS/EDGE radio access network GERAN. The user
equipment UE comprises the same means 402, 404, 406, 408, 410. For
clarity's sake, Figure 4 uses the same reference numerals 402, 404, 406, 408,
410 to depict both the parameters of the encryption algorithm 400 and the
means to process them. In practice, said means are preferably implemented
by software in the control unit 194 of the user equipment UE or in the packet
control unit 180 of the GPRS/EDGE radio access network GERAN.





| Parameter | RLC protocol | MAC protocol |
|---|---|---|
| Counter parameter 402: length 32 bits | RLC sequence number: length 7 or 11 bits, value range 0-127 or 0-2047; symbol for defining whether data to be encrypted is data of second layer signalling plane or other data: length 1 bit, value 1; hyper frame number: length 24 or 20 bits | Extended TDMA frame number: length 28 bits, value range 0-(2^28-1); time slot number: length 3 bits, value 0-7; symbol for defining whether data to be encrypted is data of second layer signalling plane or other data: length 1 bit, value 1 |
| Directional parameter 404: length 1 bit, value 0/1 | | |
| Bearer parameter 406: length 5 bits | | |
| Length parameter 410: length 16 bits | Value: length of full block without radio bearer identifier and RLC sequence number | Value: length of full block |
| Encryption key parameter 408: length 128 bits | | |

Table 1



Table 1 shows how input parameters of the required format are
obtained from the GERAN operating parameters when transmitting user plane
data. The leftmost column of the table shows the parameters required by
UTRAN. The middle column shows an alternative, in which encryption is
performed in the RLC protocol layer, and the rightmost column shows an
alternative, in which the encryption is performed in the MAC protocol layer.

The UTRAN directional parameter 404 defines the transmission
direction, to which the data to be encrypted is transmitted. Value 0 is uplink
and value 1 is downlink. The directional parameter 404 can also be used as
such in GERAN.

In UTRAN, the bearer parameter 406 defines the used radio bearer
identifier. This makes it possible to use the same encryption key 408 when a
user uses simultaneously several different radio bearers which have been
multiplexed to the same physical layer frame. The bearer parameter 406 can
be used as such in GERAN.

In UTRAN, the length parameter 410 defines the required key
stream length, i.e. the length of the encryption mask 412. The length
parameter 410 can be used as such in GERAN. When using the RLC protocol,
its value is the length of the payload or the length of a full block without the
radio bearer identifier and RLC sequence number. When using the MAC
protocol, its value is the length of a full block, in which case the radio bearer
identifier is not included in the information flow, but is agreed on before
starting transmission.

In UTRAN, the encryption key parameter 408 defines the encryption
key. The encryption key parameter 408 can be used as such in GERAN.

The UTRAN counter parameter 410 is a 32-bit counter changing
with time and formed by the hyper frame number and RLC sequence number,
for instance. In the original GSM system, a 22-bit TDMA frame number is used
as the counter parameter. This means that the counter parameter reaches its
maximum value already after approximately 3.5 hours of encryption. When the
counter parameter starts again, the mask begins to get the same values again
and the encryption can be broken unless a new encryption key is taken into
use.

The counter parameter 410 cannot as such be used in GERAN, but
its contents must be changed while the length remains at 32 bits. When using
the RLC protocol, the counter parameter 410 is formed by the RLC sequence
number, a symbol which defines whether the data to be encrypted is data of
the second layer signalling plane or other data, and the hyper frame number.
The length of the hyper frame number can be 24 bits, in which case the length
of the RLC sequence number is 7 bits, or the hyper frame number can be 20
bits long, in which case the RLC sequence number is 11 bits long. The 1-bit
symbol which defines whether the data to be encrypted is data of the second
layer signalling plane or other data obtains in this case the value 1, when the
data to be encrypted is other data than data of the second layer signalling
plane. In practice, when using the RLC protocol, the effective length of the
counter parameter becomes 31 bits, while the 1-bit symbol is constant.

When using the MAC protocol, the counter parameter 410 is formed
by an extended TDMA frame number, a time slot number and a symbol
defining whether the data to be encrypted is data of the second layer signalling
plane or other data. The length of the TDMA frame number is thus extended to
28 bits. The 1-bit symbol which defines whether the data to be encrypted is
data of the second layer signalling plane or other data obtains in this case the
value 1, when the data to be encrypted is other data than data of the second
layer signalling plane. The time slot number can be constant, if only one time
slot is used. In practice, when using the MAC protocol, the effective length of
the counter parameter becomes 28 bits, while the 1-bit symbol and the time
slot number are constant. This is 64 times more than the cycle of the present
GSM counter parameter, and thus sufficient in practice.

The same idea as with the hyper frame number is used with the
extended TDMA frame number. In the present GSM system, the 11 most
significant bits of the TDMA frame number are used to calculate a multi-frame.
These 11 bits form a T1 counter part which when extended to 16 bits provides
the extended TDMA frame number. A 5-bit T2 counter part and a 6-bit T3
counter part can be kept in the extended TDMA frame number.

When using the RLC protocol, the payload of the user, but not the
radio bearer identifier or the RLC block header, is encrypted to ensure the
reception of the RLC sequence number. Another alternative is to encrypt the
payload of the user and the header of the block, but not the RLC sequence
number or the radio bearer identifier. When using the MAC protocol, the entire
MAC block is encrypted.

Table 2 shows how input parameters of the required format are
obtained from the GERAN operating parameters when transmitting second
layer signalling plane data. The encryption must then be performed in the
MAC protocol layer.

The directional parameter 404, length parameter 410 and
encryption key parameter 408 can be used in the same way when transmitting
second layer signalling plane data as when transmitting other data.

There is no radio bearer identifier for the second layer signalling
plane data, so the bearer parameter 406 is given a constant value, for
instance "00000". A specific meaning can also be defined for this constant
value, as described later.





UTRAN parameter             MAC protocol
--------------------------  ------------------------------
Counter parameter 402:      - Extended TDMA frame number:
length 32 bits                length 28 bits, value range
                              0-(2^28-1).
                            - Time slot number: length
                              3 bits, value 0-7.
                            - Symbol for defining whether
                              data to be encrypted is
                              data of second layer
                              signalling plane or other
                              data: length 1 bit,
                              value 0.

Directional parameter 404:
length 1 bit, value 0/1

Bearer parameter 406:       Value "00000"
length 5 bits

Length parameter 410:       Value: length of full block.
length 16 bits

Encryption key parameter
408: length 128 bits

Table 2



The counter parameter 410 is formed for the second layer signalling
plane data in the same way as for other data when using the MAC protocol,
i.e. the counter parameter 410 is formed by an extended TDMA frame
number, a time slot number and a symbol which defines whether the data to
be encrypted is data of the second layer signalling plane or other data. The
1-bit symbol which defines whether the data to be encrypted is data of the
second layer signalling plane or other data obtains in this case the value 0,
when the data to be encrypted is data of the second layer signalling plane.
The entire MAC block is encrypted.

Naturally, the possible values of the 1-bit symbol could be defined
the other way round, i.e. value 1 would mean that the data to be encrypted is
data of the second layer signalling plane, and value 0 would mean that the
data to be encrypted is other data.
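
The counter construction of Tables 1 and 2, as an added example that is not part of the patent text: it packs the 32-bit counter for the RLC and MAC alternatives and checks a set of blocks for repeated cipher inputs under one key. The field widths and symbol values come from the tables; the order of the fields inside the 32 bits, the function names and the sample frame values are assumptions made for illustration.

```python
from collections import Counter

SIGNALLING, OTHER_DATA = 0, 1   # values of the 1-bit symbol (Tables 1 and 2)
UPLINK, DOWNLINK = 0, 1         # directional parameter 404
SIGNALLING_BEARER = 0b00000     # constant bearer value from Table 2


def check_field(name, value, bits):
    """Reject values that do not fit the field width given in the tables."""
    if not 0 <= value < (1 << bits):
        raise ValueError(f"{name}={value} does not fit in {bits} bits")
    return value


def rlc_counter(hfn, rlc_sn, hfn_bits=24):
    """Counter for RLC-layer ciphering (user plane, symbol fixed to 1).

    Assumed layout: hyper frame number | RLC sequence number | symbol.
    """
    if hfn_bits not in (24, 20):
        raise ValueError("hyper frame number is 24 or 20 bits long")
    sn_bits = 31 - hfn_bits     # 7 bits with a 24-bit HFN, 11 with a 20-bit HFN
    hfn = check_field("hfn", hfn, hfn_bits)
    rlc_sn = check_field("rlc_sn", rlc_sn, sn_bits)
    return (hfn << (sn_bits + 1)) | (rlc_sn << 1) | OTHER_DATA


def mac_counter(ext_fn, time_slot, symbol):
    """Counter for MAC-layer ciphering (user plane or signalling plane).

    Assumed layout: extended TDMA frame number | time slot number | symbol.
    """
    ext_fn = check_field("ext_fn", ext_fn, 28)
    time_slot = check_field("time_slot", time_slot, 3)
    symbol = check_field("symbol", symbol, 1)
    return (ext_fn << 4) | (time_slot << 1) | symbol


def cipher_inputs(counter, direction, bearer):
    """Inputs that, together with the key, select the mask.

    The length parameter is left out: it only sets how long the mask is.
    """
    return (check_field("counter", counter, 32),
            check_field("direction", direction, 1),
            check_field("bearer", bearer, 5))


def reused_inputs(blocks):
    """Return every input tuple that occurs more than once under one key."""
    counts = Counter(blocks)
    return sorted(t for t, n in counts.items() if n > 1)


def demo():
    # Constructed sample: one downlink frame and time slot carrying a
    # signalling block and a user-plane block on radio bearer 5.
    fn, slot = 0x0123456, 3
    sig = cipher_inputs(mac_counter(fn, slot, SIGNALLING),
                        DOWNLINK, SIGNALLING_BEARER)
    usr = cipher_inputs(mac_counter(fn, slot, OTHER_DATA), DOWNLINK, 5)
    # The same inputs presented a second time: the mask would repeat.
    again = cipher_inputs(mac_counter(fn, slot, OTHER_DATA), DOWNLINK, 5)
    return reused_inputs([sig, usr]), reused_inputs([sig, usr, again])


if __name__ == "__main__":
    clean, repeated = demo()
    print("signalling + user block:", clean)
    print("same inputs used twice :", repeated)
```
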

The following describes alternative preferred embodiments of the
invention.

In a preferred embodiment, one of the bearer parameter values is
reserved for signalling plane data to be encrypted. This is the above-mentioned
constant value, for instance "00000", described in table 2. This
way, it is possible to replace the symbol which defines whether the data to be
encrypted is data of the second layer signalling plane or other data. The value
"00000" defines that the data to be encrypted is data of the second layer
signalling plane, and any other value defines the used radio bearer identifier.
As mentioned above, no radio bearer identifier is used for the second layer
signalling plane data. This method provides the advantage that the effective
length of the counter parameter increases by one bit, and the disadvantage
that a specific meaning must be defined for one radio bearer identifier.

In a preferred embodiment, when using the MAC protocol, the
information to be stored on the last used extended TDMA frame number is
stored in the user equipment UE for the next connection. In practice it is
generally stored on the SIM (Subscriber Identity Module) card of the user
equipment UE. Hyper frame number management known from UTRAN is
applied hereto. If several radio bearers are used on the same connection, then
the extended TDMA frame number is stored that has obtained the biggest
value. When establishing a new connection, only one value then needs to be
communicated, and this value is used to begin the encryption of the new
connection. In UTRAN, said value is referred to as START. The information on
the last used extended TDMA frame number preferably comprises a certain
number of the most significant bits in the extended TDMA frame number.
Correspondingly, when using the RLC protocol, the information on the last
used hyper frame number is stored in the user equipment UE for the next
connection. The information to be stored on the last used hyper frame number
preferably comprises a certain number of the most significant bits of the hyper
frame number. The described storing of the extended TDMA frame number
and/or hyper frame number for the next connection can also be performed in
the GPRS/EDGE radio access network GERAN, most preferably in the packet
control unit 180. How the signalling of said stored value can most easily and
efficiently be done between the user equipment and the GPRS/EDGE radio
access network GERAN, when establishing a new connection, affects the
selection of the storage location. One stored START value takes care of
connections using both the RLC protocol and the MAC protocol of the same
user, i.e. the maximum of the used values is stored.

In a preferred embodiment, when the connection of the user
equipment UE changes between the GPRS/EDGE radio access network
GERAN and the radio access network UTRAN employing wideband code
division multiple access method, information on the last used extended TDMA
frame number or hyper frame number is provided to the new radio access
network, and the same encryption key input parameter 408 as in the old radio
access network is used as the encryption key input parameter 408 of the
encryption algorithm 400 in the new radio access network. This way, it is
possible to avoid the use of the same mask 412 for uncrypted data 414 with
different content. Without this procedure, it would be necessary to always
perform the signalling required by the initiation of a new encryption key
between the user equipment UE and the GPRS/EDGE radio access network
GERAN when the connection changes, due to handover, for instance. In
principle, this procedure can be implemented in two ways, either in such a
manner that the user equipment comprises means 190, 192, 194 for providing
information on the last used extended TDMA frame number or hyper frame
number to the new radio access network when the connection of the user
equipment UE changes between the GPRS/EDGE radio access network
GERAN and the radio access network UTRAN employing wideband code
division multiple access method, or in such a manner that the GPRS/EDGE
radio access network GERAN comprises means 180 for receiving information
on the last used extended TDMA frame number or hyper frame number to the
user equipment UE when the connection of the user equipment UE changes
between the GPRS/EDGE radio access network GERAN and the radio access
network UTRAN employing wideband code division multiple access method.

The described procedures are preferably implemented in such a
manner that the information to be stored or provided comprises a certain
number of the most significant bits, and before the information is used in the
new radio connection or radio access network, the value of the number formed
by the most significant bits is increased by one. This way, it is possible to
avoid the use of the same encryption mask 412 twice for uncrypted data 414
with different content. This can be implemented in such a manner that either
the user equipment UE or the GPRS/EDGE radio access network GERAN
comprises means 402 for increasing by one the value of the number formed
by said most significant bits before the information is used in a new connection
or in the new radio access network. For instance, when moving from GERAN
to UTRAN, 20 most significant bits could be stored and when moving from
UTRAN to GERAN, 17 most significant bits could be stored. This way, the
differences between the less significant parts remain unimportant, and it is
ensured that the same encryption mask 412 is not used twice.
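
The store-and-increment rule described above, as an added example that is not part of the patent text: it keeps the most significant bits of the largest last-used value, increases them by one before reuse, and shows that resuming without the increment would fall back into counter values already used under the same key. Restarting the low-order bits at zero, raising an error when the stored bits cannot be increased, pairing 17 stored bits with a 28-bit extended TDMA frame number, the function names and the sample values are all assumptions made for illustration.

```python
class CounterSpaceExhausted(Exception):
    """No unused counter values remain under the current encryption key."""


def stored_start(last_used, width, msb_count):
    """Value to store when the connection ends.

    last_used holds the last frame number (or hyper frame number) used on
    each radio bearer; the largest one decides, and only its msb_count most
    significant bits are kept.
    """
    if not last_used:
        raise ValueError("at least one last-used value is required")
    if not 0 < msb_count <= width:
        raise ValueError("msb_count must be between 1 and width")
    for value in last_used:
        if not 0 <= value < (1 << width):
            raise ValueError(f"{value} does not fit in {width} bits")
    return max(last_used) >> (width - msb_count)


def resume_value(start, width, msb_count, increment=True):
    """First frame number (or hyper frame number) of the next connection.

    increment=False models the unsafe shortcut of reusing the stored bits
    unchanged; it exists only so the difference can be shown.
    """
    msb = start + 1 if increment else start
    if msb >= (1 << msb_count):
        # The counter space is used up: continuing would repeat masks, so a
        # new encryption key has to be taken into use instead.
        raise CounterSpaceExhausted("take a new encryption key into use")
    return msb << (width - msb_count)   # low-order bits restart at zero


def overlaps_previous_use(resume, last_used):
    """True if counting up from resume can hit a value already used."""
    return resume <= max(last_used)


def demo():
    # Constructed sample: two radio bearers on one connection, 28-bit
    # extended TDMA frame numbers, 17 most significant bits stored.
    last_used = [0x0ABCDEF, 0x0ABD012]
    start = stored_start(last_used, 28, 17)
    safe = resume_value(start, 28, 17)
    naive = resume_value(start, 28, 17, increment=False)
    return {
        "start": start,
        "safe_resume": safe,
        "safe_overlaps": overlaps_previous_use(safe, last_used),
        "naive_resume": naive,
        "naive_overlaps": overlaps_previous_use(naive, last_used),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15s} {value}")
```
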
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With reference to the flow chart in Figure 3, the following presents 
the steps that are taken in the method for transmitting data between the
GPRS/EDGE radio access network GERAN and user equipment UE of a
mobile system. The method starts from block 300.

In block 302, the data to be transmitted is encrypted using an
encryption algorithm 400 at the transmitting end.

In block 304, the encrypted data is transmitted from the transmitting
end to the receiving end.

In block 306, the transmitted data is decrypted using the encryption
algorithm 400 at the receiving end.

The placing of block 310 at both the transmitting end and the
receiving end describes the fact that the encryption algorithm 400 of the radio
access network UTRAN employing the wideband code division multiple access
method of the universal mobile telecommunications system is used as the
encryption algorithm 400, in which case the input parameters 402, 404, 406,
408, 410 of agreed format required by the encryption algorithm 400 are
created on the basis of the operating parameters of the GPRS/EDGE radio
access network GERAN.

As the accompanying claims reveal, the method can be modified
using the above preferred embodiments of the user equipment UE and the
GPRS/EDGE radio access network GERAN.

Even though the invention has been explained in the above with
reference to examples in accordance with the accompanying drawings, it is
obvious that the invention is not restricted to them but can be modified in many
ways within the scope of the inventive idea disclosed in the attached claims.
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CLAIMS 

1. A method for transmitting data between a GPRS/EDGE radio
access network GERAN and user equipment of a mobile system, comprising:

(302) encrypting the data to be transmitted using an encryption
algorithm at the transmitting end,

(304) transmitting the encrypted data from the transmitting end to
the receiving end,

(306) decrypting the transmitted data using an encryption algorithm
at the receiving end,

characterized by (310) using an encryption algorithm of the
radio access network UTRAN employing the wideband code division multiple
access method of the universal mobile telecommunications system as the
encryption algorithm, in which case input parameters of the agreed format
required by the encryption algorithm are created on the basis of the operating
parameters of the GPRS/EDGE radio access network GERAN.

2. A method as claimed in claim 1, wherein the agreed format of the
input parameters of the encryption algorithm defines the number of the input
parameters and the length of each parameter.

3. A method as claimed in any one of the preceding claims, wherein
the encryption algorithm is a black box and its implementation is exactly the
same in both the GPRS/EDGE radio access network GERAN and the radio
access network UTRAN employing the wideband code division multiple access
method.

4. A method as claimed in any one of the preceding claims, wherein
the input parameters comprise a counter parameter.

5. A method as claimed in claim 4, wherein the counter parameter
comprises a symbol which defines whether the data to be encrypted is data of
the second layer signalling plane or other data.

6. A method as claimed in claim 1, wherein the input parameters
comprise a bearer parameter, and one of the bearer parameter values is
reserved for signalling plane data to be encrypted.

7. A method as claimed in claim 4, wherein when executing the
encryption algorithm in the MAC layer of a protocol stack, the counter
parameter comprises an extended TDMA frame number.

8. A method as claimed in claim 7, wherein the extended TDMA
frame number is based on extending the T1 counter part of GSM.

9. A method as claimed in claim 7, wherein information on the last
used extended TDMA frame number is stored in the user equipment for the
next connection.

10. A method as claimed in claim 9, wherein the information to be
stored on the last used extended TDMA frame number comprises a certain
number of the most significant bits of the extended TDMA frame number, and
before the information is used in a new radio connection to form an extended
TDMA frame number, the value of the number formed by said most significant
bits is increased by one.

11. A method as claimed in claim 4, wherein when executing the 
encryption algorithm in the MAC layer of a protocol stack, the counter 
parameter comprises a time slot number. 

12. A method as claimed in claim 4, wherein when executing the
encryption algorithm in the RLC layer of a protocol stack, the counter
parameter comprises a hyper frame number.

13. A method as claimed in claim 12, wherein information is stored
on the last used hyper frame number in the user equipment for the next
connection, and before the information is used in a new radio connection to
form a hyper frame number, the value of the number formed by said most
significant bits is increased by one.

14. A method as claimed in claim 13, wherein the information to be
stored on the last used hyper frame number comprises a certain number of
the most significant bits of the hyper frame number.

15. A method as claimed in claim 1, wherein when the connection
of the user equipment changes between the GPRS/EDGE radio access
network GERAN and the radio access network UTRAN employing wideband
code division multiple access method, information on the last used extended
TDMA frame number or hyper frame number is provided to the new radio
access network, and the same encryption key input parameter as in the old
radio access network is used as the encryption key input parameter of the
encryption algorithm in the new radio access network.

16. A method as claimed in claim 15, wherein the information to be
provided comprises a certain number of the most significant bits, and before
the information is used in a new radio access network, the value of the number
formed by said most significant bits is increased by one.

17. User equipment (UE) of a mobile system, comprising

means (416) for encrypting data to be transmitted to a GPRS/EDGE
radio access network GERAN by using an encryption algorithm (400),

means (416) for decrypting data received from the GPRS/EDGE
radio access network GERAN by using an encryption algorithm (400);

characterized in that the encryption algorithm (400) is an
encryption algorithm (400) of the radio access network UTRAN employing the
wideband code division multiple access method of the universal mobile
telecommunications system, and the user equipment comprises means (402,
404, 406, 408, 410) for creating input parameters of the agreed format
required by the encryption algorithm (400) on the basis of the operating
parameters of the GPRS/EDGE radio access network GERAN.

18. User equipment as claimed in claim 17, wherein the agreed
format of the input parameters of the encryption algorithm (400) defines the
number of the input parameters and the length of each parameter.

19. User equipment as claimed in claims 17 to 18, wherein the
encryption algorithm (400) is a black box and its implementation is exactly the
same in both the GPRS/EDGE radio access network GERAN and the radio
access network UTRAN employing the wideband code division multiple access
method.

20. User equipment as claimed in claims 17 to 19, wherein the input
parameters comprise a counter parameter (402).

21. User equipment as claimed in claim 20, wherein the counter
parameter comprises a symbol which defines whether the data to be
encrypted is data of the second layer signalling plane or other data.

22. User equipment as claimed in claim 17, wherein the input
parameters comprise a bearer parameter (406), and one of the bearer
parameter (406) values is reserved for signalling plane data to be encrypted.

23. User equipment as claimed in claim 20, wherein when executing
the encryption algorithm (400) in the MAC layer of a protocol stack, the
counter parameter (402) comprises an extended TDMA frame number.

24. User equipment as claimed in claim 23, wherein the extended
TDMA frame number is based on extending the T1 counter part of GSM.

25. User equipment as claimed in claim 23, wherein the user
equipment (UE) comprises means for storing information on the last used
extended TDMA frame number for the next connection.

26. User equipment as claimed in claim 25, wherein the information
to be stored on the last used extended TDMA frame number comprises a
certain number of the most significant bits of the extended TDMA frame
number, and the user equipment (UE) comprises means (402) for increasing
by one the value of the number formed by said most significant bits before the
information is used in a new radio connection to form an extended TDMA
frame number.

27. User equipment as claimed in claim 20, wherein when executing
the encryption algorithm (400) in the MAC layer of a protocol stack, the
counter parameter (402) comprises a time slot number.

28. User equipment as claimed in claim 20, wherein when executing
the encryption algorithm (400) in the RLC layer of a protocol stack, the counter
parameter (402) comprises a hyper frame number.

29. User equipment as claimed in claim 28, wherein the user
equipment (UE) comprises means for storing information on the last used
hyper frame number for the next connection.

30. User equipment as claimed in claim 29, wherein the information
to be stored on the last used hyper frame number comprises a certain number
of the most significant bits of the hyper frame number, and the user equipment
(UE) comprises means (402) for increasing by one the value of the number
formed by said most significant bits before the information is used in a new
radio connection to form a hyper frame number.

31. User equipment as claimed in claim 17, wherein the user
equipment comprises means (190, 192, 194) for providing information on the
last used extended TDMA frame number or hyper frame number to the new
radio access network, when the connection of the user equipment (UE)
changes between the GPRS/EDGE radio access network GERAN and the
radio access network UTRAN employing wideband code division multiple
access method, and for using the same encryption key parameter (408) as in
the old radio access network as the encryption key parameter (408) of the
encryption algorithm (400) in the new radio access network.

32. User equipment as claimed in claim 31, wherein the information
to be provided comprises a certain number of the most significant bits, and the
user equipment (UE) comprises means (402) for increasing by one the value
of the number formed by said most significant bits before the information is
used in the new radio access network.

33. A GPRS/EDGE radio access network GERAN of a mobile
system, comprising

means (416) for encrypting data to be transmitted to user
equipment (UE) using an encryption algorithm (400),

means (416) for decrypting data received from the user equipment
(UE) using the encryption algorithm (400);

characterized in that the encryption algorithm (400) is an
encryption algorithm (400) of the radio access network UTRAN employing the
wideband code division multiple access method of the universal mobile
telecommunications system, and the GPRS/EDGE radio access network
GERAN comprises means (402, 404, 406, 408, 410) for creating input
parameters of the agreed format required by the encryption algorithm (400) on
the basis of the operating parameters of the GPRS/EDGE radio access
network GERAN.

34. A GPRS/EDGE radio access network as claimed in claim 33,
wherein the agreed format of the input parameters of the encryption algorithm
(400) defines the number of the input parameters and the length of each
parameter.

35. A GPRS/EDGE radio access network as claimed in claims 33 to
34, wherein the encryption algorithm (400) is a black box and its
implementation is exactly the same in both the GPRS/EDGE radio access
network GERAN and the radio access network UTRAN employing the
wideband code division multiple access method.

36. A GPRS/EDGE radio access network as claimed in claims 33 to
35, wherein the input parameters comprise a counter parameter (402).

37. A GPRS/EDGE radio access network as claimed in claim 36,
wherein the counter parameter comprises a symbol which defines whether the
data to be encrypted is data of the second layer signalling plane or other data.

38. A GPRS/EDGE radio access network as claimed in claim 37,
wherein the input parameters comprise a bearer parameter (406), and one of
the bearer parameter (406) values is reserved for signalling plane data to be
encrypted.

39. A GPRS/EDGE radio access network as claimed in claim 36,
wherein when executing the encryption algorithm (400) in the MAC layer of a
protocol stack, the counter parameter (402) comprises an extended TDMA
frame number.

40. A GPRS/EDGE radio access network as claimed in claim 39,
wherein the extended TDMA frame number is based on extending the T1
counter part of GSM.

41. A GPRS/EDGE radio access network as claimed in claim 39,
wherein the GPRS/EDGE radio access network GERAN comprises means for
storing information on the last used extended TDMA frame number for the
next connection.

42. A GPRS/EDGE radio access network as claimed in claim 41,
wherein the information to be stored on the last used extended TDMA frame
number comprises a certain number of the most significant bits of the
extended TDMA frame number, and the GPRS/EDGE radio access network
GERAN comprises means (402) for increasing by one the value of the number
formed by said most significant bits before the information is used to form an
extended TDMA frame number.

43. A GPRS/EDGE radio access network as claimed in claim 36,
wherein when executing the encryption algorithm (400) in the MAC layer of a
protocol stack, the counter parameter (402) comprises a time slot number.

44. A GPRS/EDGE radio access network as claimed in claim 35,
wherein when executing the encryption algorithm (400) in the RLC layer of a
protocol stack, the counter parameter (402) comprises a hyper frame number.

45. A GPRS/EDGE radio access network as claimed in claim 44,
wherein the GPRS/EDGE radio access network GERAN comprises means for
storing information on the last used hyper frame number for the next
connection.

46. A GPRS/EDGE radio access network as claimed in claim 45,
wherein the information to be stored on the last used hyper frame number
comprises a certain number of the most significant bits of the hyper frame
number, and the GPRS/EDGE radio access network GERAN comprises
means (402) for increasing by one the value of the number formed by said
most significant bits before the information is used to form a hyper frame
number.

47. A GPRS/EDGE radio access network as claimed in claim 33,
wherein the GPRS/EDGE radio access network GERAN comprises means
(180) for receiving information on the last used extended TDMA frame number
or hyper frame number to the user equipment (UE), when the connection of
the user equipment (UE) changes between the GPRS/EDGE radio access
network GERAN and the radio access network UTRAN employing wideband
code division multiple access method, and for using as the encryption key
parameter (408) of the encryption algorithm (400), the encryption key
parameter (408) according to the received information.

48. A GPRS/EDGE radio access network as claimed in claim 47,
wherein the information to be provided comprises a certain number of the
most significant bits, and the GPRS/EDGE radio access network GERAN
comprises means (402) for increasing by one the value of the number formed
by said most significant bits before the information is used.
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(57) ABSTRACT 

The invention relates to a method for transmitting data
between a GPRS/EDGE radio access network GERAN and
user equipment of a mobile system, and to user equipment
using the method, and to GERAN. In the method, (302) the
data to be transmitted is encrypted using an encryption
algorithm at the transmitting end, (304) the encrypted data
is transmitted from the transmitting end to the receiving
end, and (306) the transmitted data is decrypted using an
encryption algorithm at the receiving end. The used
encryption algorithm is an encryption algorithm of the radio
access network UTRAN employing the wideband code
division multiple access method of the universal mobile
telecommunications system, in which case input
parameters of the agreed format required by the encryption
algorithm are created on the basis of the operating
parameters of the GPRS/EDGE radio access network
GERAN.
(Figure 3)

300 START
302 ENCRYPT DATA TO BE TRANSMITTED USING ENCRYPTION ALGORITHM AT
    TRANSMITTING END
304 TRANSMIT ENCRYPTED DATA FROM TRANSMITTING END TO RECEIVING END
306 DECRYPT TRANSMITTED DATA USING ENCRYPTION ALGORITHM AT RECEIVING END
308 END
310 UTRAN ENCRYPTION ALGORITHM IS USED AS ENCRYPTION ALGORITHM, IN WHICH
    CASE INPUT PARAMETERS OF AGREED FORMAT ARE CREATED ON THE BASIS OF
    GERAN OPERATING PARAMETERS

Fig 3
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